From 8525377b94c53364793dcbbdb69df1e8b87536b2 Mon Sep 17 00:00:00 2001 From: rv0lt Date: Thu, 30 Nov 2023 14:14:49 +0100 Subject: [PATCH 01/17] new pkg --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 69d9d4fa5..e6e384622 100644 --- a/requirements.txt +++ b/requirements.txt @@ -12,7 +12,7 @@ certifi==2023.07.22 cffi==1.15.0 charset-normalizer==2.0.11 click==8.0.3 -cryptography==41.0.3 +cryptography==41.0.6 Deprecated==1.2.13 dnspython==2.2.0 dominate==2.6.0 From a807403c21d36cd39177a2cdc5a260beabad8c7e Mon Sep 17 00:00:00 2001 From: rv0lt Date: Thu, 30 Nov 2023 14:42:50 +0100 Subject: [PATCH 02/17] sprintlog --- SPRINTLOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/SPRINTLOG.md b/SPRINTLOG.md index 761836922..49593637f 100644 --- a/SPRINTLOG.md +++ b/SPRINTLOG.md @@ -330,3 +330,7 @@ _Nothing merged in CLI during this sprint_ - Updated PostCss Node package to address vulnerabities ([#1489](https://github.com/ScilifelabDataCentre/dds_web/pull/1489)) - Updated Several node libraries to address vulnerabities ([#1492](https://github.com/ScilifelabDataCentre/dds_web/pull/1492)) - New version: 2.6.0 ([#1494](https://github.com/ScilifelabDataCentre/dds_web/pull/1494)) + +# 2023-11-20 - 2023-11-01 + +- Patch update crypthography package to address cve ([#1496](https://github.com/ScilifelabDataCentre/dds_web/pull/1496)) From f1f5422fc659b23b57638a9bb8789757d78cd8a8 Mon Sep 17 00:00:00 2001 From: rv0lt Date: Mon, 11 Dec 2023 14:56:07 +0100 Subject: [PATCH 03/17] code --- dds_web/api/user.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/dds_web/api/user.py b/dds_web/api/user.py index 35ec90405..aec37d549 100644 --- a/dds_web/api/user.py +++ b/dds_web/api/user.py 
@@ -1334,6 +1334,16 @@ def row_to_dict(entry) -> dict: hit["Unit"] = hit["Unit"].name return hit + def mark_if_owner(entry,invite_id): + """ Given a list of users to print, If the researcher is Project Owner, list the role as Owner.""" + if ( + models.ProjectInviteKeys.query.filter_by(invite_id=invite_id) + .filter_by(owner=1) + .all() + ): + entry["Role"] = "Project Owner" + return entry + if current_user.role == "Super Admin": # superadmin can see all invites raw_invites = models.Invite.query.all() @@ -1342,6 +1352,7 @@ def row_to_dict(entry) -> dict: entry = row_to_dict(inv) if inv.role == "Super Admin": entry["Projects"] = "----" + mark_if_owner(entry,inv.id) hits.append(entry) elif current_user.role in ("Unit Admin", "Unit Personnel"): @@ -1361,6 +1372,7 @@ def row_to_dict(entry) -> dict: entry["Projects"] = [ project for project in entry["Projects"] if project in unit_projects_pubid ] + mark_if_owner(entry,inv.id) hits.append(entry) elif inv.role in ("Unit Admin", "Unit Personnel") and inv.unit == unit: hits.append(row_to_dict(inv)) @@ -1391,6 +1403,7 @@ def row_to_dict(entry) -> dict: entry["Projects"] = [ project for project in entry["Projects"] if project in user_projects_pubid ] + mark_if_owner(entry,inv.id) hits.append(entry) else: # in case further roles are defined in the future From 6920cb9ec3ea96300e6fade34602d84d411752e7 Mon Sep 17 00:00:00 2001 From: rv0lt Date: Mon, 11 Dec 2023 14:59:23 +0100 Subject: [PATCH 04/17] black --- dds_web/api/user.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dds_web/api/user.py b/dds_web/api/user.py index aec37d549..fc6021721 100644 --- a/dds_web/api/user.py +++ b/dds_web/api/user.py 
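Review bot: `mark_if_owner` tests ownership with `.all()`, which loads every matching `ProjectInviteKeys` row only to check truthiness, and it runs once per invite inside the listing loops, so the endpoint issues one extra query per invite. Only existence matters, so `models.ProjectInviteKeys.query.filter_by(invite_id=invite_id, owner=1).first()` is enough, or the owner flags could be fetched in a single query before the loops. The helper also mutates `entry` in place and returns it, yet all three call sites discard the return value; pick one convention and state it in the docstring.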
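Review bot: In the Unit Admin/Unit Personnel branch (third hunk) and in the last branch (fourth hunk), `entry["Projects"]` is first narrowed to the caller's own projects, but `mark_if_owner(entry, inv.id)` then looks up owner keys by `invite_id` alone. An invite that is owner only on a project the caller cannot see would still be listed as "Project Owner", which mislabels the role for the visible projects and discloses a role held outside the caller's scope. Restrict the lookup to the already-filtered project set before setting `entry["Role"]`; `ProjectInviteKeys` presumably carries a project reference for this, but the model is not part of this diff, so confirm. Both branch bodies start and end outside these hunks.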
@@ -1335,7 +1335,7 @@ def row_to_dict(entry) -> dict: return hit def mark_if_owner(entry,invite_id): - """ Given a list of users to print, If the researcher is Project Owner, list the role as Owner.""" + """Given a list of users to print, If the researcher is Project Owner, list the role as Owner.""" if ( models.ProjectInviteKeys.query.filter_by(invite_id=invite_id) .filter_by(owner=1) @@ -1352,7 +1352,7 @@ def mark_if_owner(entry,invite_id): entry = row_to_dict(inv) if inv.role == "Super Admin": entry["Projects"] = "----" - mark_if_owner(entry,inv.id) + mark_if_owner(entry, inv.id) hits.append(entry) elif current_user.role in ("Unit Admin", "Unit Personnel"): @@ -1372,7 +1372,7 @@ def mark_if_owner(entry,invite_id): entry["Projects"] = [ project for project in entry["Projects"] if project in unit_projects_pubid ] - mark_if_owner(entry,inv.id) + mark_if_owner(entry, inv.id) hits.append(entry) elif inv.role in ("Unit Admin", "Unit Personnel") and inv.unit == unit: hits.append(row_to_dict(inv)) @@ -1403,7 +1403,7 @@ def mark_if_owner(entry,invite_id): entry["Projects"] = [ project for project in entry["Projects"] if project in user_projects_pubid ] - mark_if_owner(entry,inv.id) + mark_if_owner(entry, inv.id) hits.append(entry) else: # in case further roles are defined in the future From 5af97bf9be0b08cede7d78727b9d111173610f03 Mon Sep 17 00:00:00 2001 From: rv0lt Date: Mon, 11 Dec 2023 15:01:14 +0100 Subject: [PATCH 05/17] black --- dds_web/api/user.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dds_web/api/user.py b/dds_web/api/user.py index fc6021721..72dbb145b 100644 --- a/dds_web/api/user.py +++ b/dds_web/api/user.py 
@@ -1334,7 +1334,7 @@ def row_to_dict(entry) -> dict: hit["Unit"] = hit["Unit"].name return hit - def mark_if_owner(entry,invite_id): + def mark_if_owner(entry, invite_id): """Given a list of users to print, If the researcher is Project Owner, list the role as Owner.""" if ( models.ProjectInviteKeys.query.filter_by(invite_id=invite_id) From 775e5f91e4597c1fd48335d4a65183c514fa5967 Mon Sep 17 00:00:00 2001 From: rv0lt Date: Mon, 11 Dec 2023 15:47:24 +0100 Subject: [PATCH 06/17] test --- tests/api/test_user.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/api/test_user.py b/tests/api/test_user.py index e256e07c2..6187812f4 100644 --- a/tests/api/test_user.py +++ b/tests/api/test_user.py @@ -32,6 +32,7 @@ new_unit_admin = {"email": "new_unit_admin@mailtrap.io", "role": "Unit Admin"} new_super_admin = {"email": "new_super_admin@mailtrap.io", "role": "Super Admin"} new_unit_user = {"email": "new_unit_user@mailtrap.io", "role": "Unit Personnel"} +new_owner_existing_project = {"email": "new_owner@mailtrap.io", "project": "public_project_id", "role": "Project Owner"} existing_research_user = {"email": "researchuser2@mailtrap.io", "role": "Researcher"} existing_research_user_owner = {"email": "researchuser2@mailtrap.io", "role": "Project Owner"} existing_research_user_to_existing_project = { @@ -1253,6 +1254,13 @@ def get_list(as_user) -> dict: researcher_to_project["project"] = "unit2testing" invite_user(researcher_to_project, "unitadmin") + researcher_to_project = dict(new_owner_existing_project) + invite_user(researcher_to_project, "unitadmin") + researcher_to_project["project"] = "second_public_project_id" + invite_user(researcher_to_project, "unitadmin") + researcher_to_project["project"] = "unit2testing" + invite_user(researcher_to_project, "unitadmin") + response = get_list("superadmin") assert "invites" in response.json assert len(response.json["invites"]) == 5 From a74a55e742ff76f796a66e9d844eaeb2e0e3d6ca Mon Sep 17 00:00:00 2001 
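Review bot: The invites added in the second `tests/api/test_user.py` hunk exercise the new Project Owner path only through the number of invites returned; nothing visible asserts that the `new_owner@mailtrap.io` entry comes back with the role the fix is meant to show. A check such as `assert any(e["Email"] == new_owner_existing_project["email"] and e["Role"] == "Project Owner" for e in response.json["invites"])` after each `get_list` call would pin that behaviour. Because the same address is also invited to `unit2testing`, this is a natural place to assert what a caller limited to other projects sees for that invite. The test function continues outside the hunk, so such an assertion may already exist further down.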
From: rv0lt Date: Mon, 11 Dec 2023 15:49:19 +0100 Subject: [PATCH 07/17] black --- tests/api/test_user.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/api/test_user.py b/tests/api/test_user.py index 6187812f4..d7790be6e 100644 --- a/tests/api/test_user.py +++ b/tests/api/test_user.py @@ -32,7 +32,11 @@ new_unit_admin = {"email": "new_unit_admin@mailtrap.io", "role": "Unit Admin"} new_super_admin = {"email": "new_super_admin@mailtrap.io", "role": "Super Admin"} new_unit_user = {"email": "new_unit_user@mailtrap.io", "role": "Unit Personnel"} -new_owner_existing_project = {"email": "new_owner@mailtrap.io", "project": "public_project_id", "role": "Project Owner"} +new_owner_existing_project = { + "email": "new_owner@mailtrap.io", + "project": "public_project_id", + "role": "Project Owner", +} existing_research_user = {"email": "researchuser2@mailtrap.io", "role": "Researcher"} existing_research_user_owner = {"email": "researchuser2@mailtrap.io", "role": "Project Owner"} existing_research_user_to_existing_project = { From c43f74fc60806de65a15947a6c506d125193efaf Mon Sep 17 00:00:00 2001 From: rv0lt Date: Mon, 11 Dec 2023 16:09:40 +0100 Subject: [PATCH 08/17] fix test --- tests/api/test_user.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/api/test_user.py b/tests/api/test_user.py index d7790be6e..cffe81c06 100644 --- a/tests/api/test_user.py +++ b/tests/api/test_user.py @@ -1267,7 +1267,7 @@ def get_list(as_user) -> dict: response = get_list("superadmin") assert "invites" in response.json - assert len(response.json["invites"]) == 5 + assert len(response.json["invites"]) == 6 for entry in response.json["invites"]: for key in ["Email", "Role", "Projects", "Created", "Unit"]: assert key in entry 
@@ -1280,7 +1280,7 @@ def get_list(as_user) -> dict: response = get_list("unitadmin") assert "invites" in response.json - assert len(response.json["invites"]) == 2 + assert len(response.json["invites"]) == 3 for entry in response.json["invites"]: for key in ["Email", "Role", "Projects", "Created"]: assert key in entry @@ -1297,7 +1297,7 @@ def get_list(as_user) -> dict: response = get_list("projectowner") assert "invites" in response.json - assert len(response.json["invites"]) == 1 + assert len(response.json["invites"]) == 2 for entry in response.json["invites"]: for key in ["Email", "Role", "Projects", "Created"]: assert key in entry From d6dc7f400f72cf3bae18473533f065f5bbc65635 Mon Sep 17 00:00:00 2001 From: rv0lt Date: Tue, 12 Dec 2023 09:13:48 +0100 Subject: [PATCH 09/17] springlog --- SPRINTLOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/SPRINTLOG.md b/SPRINTLOG.md index 761836922..f25c5f8ab 100644 --- a/SPRINTLOG.md +++ b/SPRINTLOG.md @@ -330,3 +330,7 @@ _Nothing merged in CLI during this sprint_ - Updated PostCss Node package to address vulnerabities ([#1489](https://github.com/ScilifelabDataCentre/dds_web/pull/1489)) - Updated Several node libraries to address vulnerabities ([#1492](https://github.com/ScilifelabDataCentre/dds_web/pull/1492)) - New version: 2.6.0 ([#1494](https://github.com/ScilifelabDataCentre/dds_web/pull/1494)) + +# 2023-12-4 - 2023-12-15 + +- Fix listing users was not showing PO ([#1497](https://github.com/ScilifelabDataCentre/dds_web/pull/1497)) From bb26b0aaeb8bc053ba64b5b4d6183df3fbe2d3b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lvaro=20Revuelta?= <46089290+rv0lt@users.noreply.github.com> Date: Tue, 12 Dec 2023 11:47:37 +0100 Subject: [PATCH 10/17] Update dds_web/api/user.py Co-authored-by: Valentin Georgiev --- dds_web/api/user.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dds_web/api/user.py b/dds_web/api/user.py index 72dbb145b..2ad5e015e 100644 --- a/dds_web/api/user.py 
+++ b/dds_web/api/user.py @@ -1335,7 +1335,7 @@ def row_to_dict(entry) -> dict: return hit def mark_if_owner(entry, invite_id): - """Given a list of users to print, If the researcher is Project Owner, list the role as Owner.""" + """Given an invite for printing, If the researcher is Project Owner, list the role as Owner.""" if ( models.ProjectInviteKeys.query.filter_by(invite_id=invite_id) .filter_by(owner=1) From b4017a919f54dee33549ce8dc08e5a75d45bb2ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lvaro=20Revuelta?= <46089290+rv0lt@users.noreply.github.com> Date: Tue, 12 Dec 2023 12:45:34 +0100 Subject: [PATCH 11/17] prettier --- SPRINTLOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/SPRINTLOG.md b/SPRINTLOG.md index 91dfab15b..cec952404 100644 --- a/SPRINTLOG.md +++ b/SPRINTLOG.md @@ -332,5 +332,6 @@ _Nothing merged in CLI during this sprint_ - New version: 2.6.0 ([#1494](https://github.com/ScilifelabDataCentre/dds_web/pull/1494)) # 2023-12-4 - 2023-12-15 + - Patch update crypthography package to address cve ([#1496](https://github.com/ScilifelabDataCentre/dds_web/pull/1496)) -- Fix listing users was not showing PO ([#1497](https://github.com/ScilifelabDataCentre/dds_web/pull/1497)) \ No newline at end of file +- Fix listing users was not showing PO ([#1497](https://github.com/ScilifelabDataCentre/dds_web/pull/1497)) From a9ba783837f6c89efcc4a0f4bddcacf3f1eb56cb Mon Sep 17 00:00:00 2001 From: valyo <582646+valyo@users.noreply.github.com> Date: Tue, 12 Dec 2023 18:27:21 +0100 Subject: [PATCH 12/17] add "/tmp/" as csv file location --- dds_web/commands.py | 3 ++- tests/test_commands.py | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/dds_web/commands.py b/dds_web/commands.py index 071042bdd..00bdbe9dd 100644 --- a/dds_web/commands.py +++ b/dds_web/commands.py 
@@ -945,6 +945,7 @@ def send_usage(months): # CSV files to send csv_file_names = [] + csv_file_location = "/tmp/" have_failed = False # Flag to check if any csv files failed to be generated @@ -952,7 +953,7 @@ def send_usage(months): for unit in models.Unit.query: # Generate CSV file name csv_file_name = pathlib.Path( - f"{unit.public_id}_Usage_Months-{start.month}-to-{end.month}.csv" + f"{csv_file_location}{unit.public_id}_Usage_Months-{start.month}-to-{end.month}.csv" ) flask.current_app.logger.debug(f"CSV file name: {csv_file_name}") diff --git a/tests/test_commands.py b/tests/test_commands.py index 2d5ea05ea..83439c7ed 100644 --- a/tests/test_commands.py +++ b/tests/test_commands.py @@ -1757,6 +1757,8 @@ def run_command_and_check_output(months_to_test, start_time): Return the csv files attached to the email. """ + csv_file_location = "/tmp/" + with mail.record_messages() as outbox: with patch("dds_web.utils.current_time") as current_time_func: # Mock current time current_time_func.return_value = start_time @@ -1775,8 +1777,8 @@ def run_command_and_check_output(months_to_test, start_time): end_month = end_time.month unit_1_id = project_1_unit_1.responsible_unit.public_id unit_2_id = project_1_unit_2.responsible_unit.public_id - csv_1_name = f"{unit_1_id}_Usage_Months-{end_month}-to-{start_month}.csv" - csv_2_name = f"{unit_2_id}_Usage_Months-{end_month}-to-{start_month}.csv" + csv_1_name = f"{csv_file_location}{unit_1_id}_Usage_Months-{end_month}-to-{start_month}.csv" + csv_2_name = f"{csv_file_location}{unit_2_id}_Usage_Months-{end_month}-to-{start_month}.csv" # check that the files no longer exist in the filesystem assert not os.path.exists(csv_1_name) From 04292f9ec5ee1b6d18feceadc255e293728b45ca Mon Sep 17 00:00:00 2001 From: valyo <582646+valyo@users.noreply.github.com> Date: Wed, 13 Dec 2023 08:52:36 +0100 Subject: [PATCH 13/17] black --- tests/test_commands.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
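Review bot: `csv_file_location = "/tmp/"` makes `send_usage` write files with fully predictable names into a world-writable directory. On a shared host another local account can pre-create or symlink the `<public_id>_Usage_Months-…csv` path before the command runs, and the file is created under the process umask, so the usage data may be readable by other users until it is removed. A private directory avoids both: `csv_file_location = pathlib.Path(tempfile.mkdtemp(prefix="dds_usage_"))` and `csv_file_name = csv_file_location / f"{unit.public_id}_Usage_Months-{start.month}-to-{end.month}.csv"`, with the directory removed once the mail is sent (this needs `import tempfile`; the import block is not in the hunk). `send_usage` continues outside both hunks, so the cleanup path could not be checked here.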
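Review bot: The `tests/test_commands.py` hunks repeat the literal `"/tmp/"` instead of taking the location from the command, so the two can drift apart without any test failing. `assert not os.path.exists(csv_1_name)` is also true whenever the name built here differs from the one the command writes, and the month order differs between the two (`{end_month}-to-{start_month}` here, `{start.month}-to-{end.month}` in `send_usage`). That may only be opposite variable naming, but it is worth confirming the assertion would fail if the cleanup were removed. Comparing the attachment names recorded in `outbox` with the expected file name would tie the test to what the command really produces. `run_command_and_check_output` continues outside the hunk.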
diff --git a/tests/test_commands.py b/tests/test_commands.py index 83439c7ed..bf7731b64 100644 --- a/tests/test_commands.py +++ b/tests/test_commands.py @@ -1777,8 +1777,12 @@ def run_command_and_check_output(months_to_test, start_time): end_month = end_time.month unit_1_id = project_1_unit_1.responsible_unit.public_id unit_2_id = project_1_unit_2.responsible_unit.public_id - csv_1_name = f"{csv_file_location}{unit_1_id}_Usage_Months-{end_month}-to-{start_month}.csv" - csv_2_name = f"{csv_file_location}{unit_2_id}_Usage_Months-{end_month}-to-{start_month}.csv" + csv_1_name = ( + f"{csv_file_location}{unit_1_id}_Usage_Months-{end_month}-to-{start_month}.csv" + ) + csv_2_name = ( + f"{csv_file_location}{unit_2_id}_Usage_Months-{end_month}-to-{start_month}.csv" + ) # check that the files no longer exist in the filesystem assert not os.path.exists(csv_1_name) From 3491e77c176b842efc924cdc22dbc40d35e5fcf1 Mon Sep 17 00:00:00 2001 From: valyo <582646+valyo@users.noreply.github.com> Date: Wed, 13 Dec 2023 09:11:36 +0100 Subject: [PATCH 14/17] add sprintlog --- SPRINTLOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/SPRINTLOG.md b/SPRINTLOG.md index cec952404..433fe0f35 100644 --- a/SPRINTLOG.md +++ b/SPRINTLOG.md @@ -335,3 +335,4 @@ _Nothing merged in CLI during this sprint_ - Patch update crypthography package to address cve ([#1496](https://github.com/ScilifelabDataCentre/dds_web/pull/1496)) - Fix listing users was not showing PO ([#1497](https://github.com/ScilifelabDataCentre/dds_web/pull/1497)) +- Bug: `flask send-usage` permission issue on testing and production environment ([1499](https://github.com/ScilifelabDataCentre/dds_web/pull/1499)) From 58187222fa90220a5f7c66e4d9c021c0a83ee0dc Mon Sep 17 00:00:00 2001 From: valyo <582646+valyo@users.noreply.github.com> Date: Thu, 14 Dec 2023 15:06:20 +0100 Subject: [PATCH 15/17] changelog --- CHANGELOG.rst | 11 +++++++++++ 1 file changed, 11 insertions(+) 
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 1c52999f3..277c1441b 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,6 +1,17 @@ Changelog ========== +.. _2.6.1: + +2.6.1 - 2023-12-20 +~~~~~~~~~~~~~~~~~~~~~~~ + +- Bugs fixed: + - Listing users invites will now show if the invote is for Project Owner. + - Permissions issue for `send-usage` command in testing and production environment. +- Dependencies: + - `Cryptography` from `41.0.3` to `41.0.6` + .. _2.6.0: 2.6.0 - 2023-11-22 From fb1140c46ced82a7edc9137c4039bf492efa56b0 Mon Sep 17 00:00:00 2001 From: valyo <582646+valyo@users.noreply.github.com> Date: Thu, 14 Dec 2023 15:06:50 +0100 Subject: [PATCH 16/17] version --- dds_web/version.py | 2 +- tests/test_version.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dds_web/version.py b/dds_web/version.py index 1d61112a0..67e1d4985 100644 --- a/dds_web/version.py +++ b/dds_web/version.py @@ -1,3 +1,3 @@ # Do not do major version upgrade during 2024. # If mid or minor version reaches 9, continue with 10, 11 etc etc. -__version__ = "2.6.0" +__version__ = "2.6.1" diff --git a/tests/test_version.py b/tests/test_version.py index aaf84a488..345f38049 100644 --- a/tests/test_version.py +++ b/tests/test_version.py @@ -2,4 +2,4 @@ def test_version(): - assert version.__version__ == "2.6.0" + assert version.__version__ == "2.6.1" From eca8aa55e2cf4d8aca93d0c6d0b6d6d5a5b63410 Mon Sep 17 00:00:00 2001 From: valyo <582646+valyo@users.noreply.github.com> Date: Thu, 14 Dec 2023 15:09:47 +0100 Subject: [PATCH 17/17] sprintlog --- SPRINTLOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/SPRINTLOG.md b/SPRINTLOG.md index 433fe0f35..ca031ea1f 100644 --- a/SPRINTLOG.md +++ b/SPRINTLOG.md 
@@ -336,3 +336,4 @@ _Nothing merged in CLI during this sprint_
 - Patch update crypthography package to address cve ([#1496](https://github.com/ScilifelabDataCentre/dds_web/pull/1496))
 - Fix listing users was not showing PO ([#1497](https://github.com/ScilifelabDataCentre/dds_web/pull/1497))
 - Bug: `flask send-usage` permission issue on testing and production environment ([1499](https://github.com/ScilifelabDataCentre/dds_web/pull/1499))
+- New version: 2.6.1 ([#1501](https://github.com/ScilifelabDataCentre/dds_web/pull/1501))